Security

Passwords

The Artemis configuration files contain a few default passwords and secrets that have to be overridden in your own configuration files or via environment variables (Spring relaxed binding).

artemis:
    user-management:
        internal-admin:
            username: "artemis-admin"
            # can be changed later, Artemis will update the password in the database
            # and connected systems on the next start
            password: "artemis-admin"
jhipster:
    security:
        authentication:
            jwt:
                # used to sign the JWT tokens for user authentication
                # can be changed later, will require all users to log in again
                #
                # encoded using Base64 (you can use `echo 'secret-key'|base64` on your command line)
                base64-secret: ""
    registry:
        password: "change-me"  # only for distributed setups with multiple Artemis instances

spring:
    prometheus:
        # if Prometheus monitoring is enabled: a comma-separated list of
        # IPs that are allowed to access the metrics endpoint
        monitoring-ip: "127.0.0.1"
    websocket:
        broker:
            username: "guest"  # only for distributed setups
            password: "guest"  # only for distributed setups

Note

The usernames/passwords for external systems (GitLab, Jenkins, …) are not listed here, since the general setup documentation describes how to set up those systems. Without replacing the default values, the connection to them will not work.

Note

Ensure restrictive access to the configuration files, so that access is only possible for the system account that runs Artemis and administrators.